Suggested Splunk forwarder settings for RPM Elite

1) For  version 6.1 we plan to ship the following to Splunk:

Windows Event logs

C:\Program Files\Brooks Internet Software\RPM\Events*.csv

C:\Program Files\Brooks Internet Software\RPM\license.csv

C:\Program Files\Brooks Internet Software\RPM\rpmsrv*.log

C:\Program Files\Brooks Internet Software\RPM\report.txt

2) ports.txt is still available in RPM Elite 6.1

3) Splunk is a log aggregator.   It's not suitable for exporting databases.   We can look at backing up events.db file via a script if Brooks support thinks it's worthwhile.   We plan on backing up rpm.fdb on a daily basis.

Comments?

Thanks, Sergio

 

Sergio,

I'm not terribly familiar with Splunk, but if it's a logging reporting aggregation utility I'll need more information about its capabilities to make meaningful suggestions. Do you know how much support it has for databases of various architectures?

As far as your current settings are concerned - tracking license.csv makes a great deal if sense - it will be updated if your hardware ever changes and you need to refer back to it for the prior serial numbers on your machine. The other file, ports.txt, can be safely ignored in RPM 6 - it is not used and if it is still present I'll make note for the developers to address that.

Almost all other diagnostic information is stored within databases. The day-to-day logging for things like job processing and queue states is stored in c:\ProgramData\Brooks Internet Software\RPM\rpm.fdb (Firebird) and Diagnostic Logging is stored in c:\Program Files\Brooks Internet Software\RPM\Events.db (SQL Lite). If Splunk is able to read from those files I can try to provide some additional information regarding their structure.

--Daniel

Tue, 04/05/2016 - 16:46
Dan Casper